LokiBot Trojan Malware Comes As Popular Game Launcher

lokibot trojan malware in epic game
Photo by Markus Spiske on Unsplash

Cybercriminals are trying new ways to infect your device. In their latest try, they are infecting computers with LokiBot Trojan malware by impersonating a popular game launcher to trick users into executing it on their machines. 

What is LokiBot

LokiBot is a Trojan Malware that has the ability to harvest sensitive data such as passwords as well as cryptocurrency information. targets the Windows and Android operating systems. LokiBot typically infiltrates systems without users’ consent – it is distributed via spam emails (Windows OS), various private messages (SMS, Skype, etc.), and malicious websites.

How It’s Infecting Computers

It impersonates the launcher of Epic Games, the developer behind highly popular online multiplayer video game Fortnite. Cyber Security expert at Trend Micro noted that the malware, in this case, used an unusual route for installation which makes it harder for the antivirus to detect it. 

The infection starts with a file that is supposedly the installer of the Epic Games store. This fake installer was built using the NSIS (Nullsoft Scriptable Install System) installer authoring tool. In this campaign, the malicious NSIS Windows installer used the logo of Epic Games to trick users into thinking that it’s a legitimate installer.

Upon execution, the malware installer drops two files: a C# source code file and a .NET executable in the “%AppData% directory” of the affected machine. Once inside the system, the .NET file reads and compiles with the C# code, before decrypting it and executing LokiBot itself on the infected machine, This provides the attacker with the backdoor required to steal information, monitor activity, install other malware and carry out other malicious actions.

This LokiBot sample’s installation routine combines two techniques to evade detection: First, it makes use of C# source code to evade defense mechanisms that solely target executable binaries. In addition, it also uses obfuscated files in the form of the encrypted assembly code embedded in the C# code file. The final phase of the infection would be the execution of the LokiBot payload. 

What You Should Do

First of all please stop downloading software from untrusted sources and from torrent. It is the most important step to remain safe from LokiBot and other malware. Only download software and attachments from trusted sources. And don’t forget to diploy some sort of protection in your network and computer.

Via: Trend Micro